System Components

The following figure shows that Identity Synchronization for Windows consists of a set of Core components and any number of individual connectors and connector
subcomponents. These system components allow for the synchronization of password
and user attribute updates between Sun Java System Directory Server (Directory
Server) and Windows directories.

Figure 1–1 System Components

This section defines and describes these Identity Synchronization for Windows components:

Watchdog Process

The Watchdog is an Identity Synchronization for Windows Java technology-based process (Java
process) that starts, restarts, and stops individual
background Java processes. The Watchdog launches and monitors the central
logger, system manager, and connectors.
The Watchdog does not monitor subcomponents, Message Queue, or the Identity Synchronization for Windows Console.

The Watchdog is installed where you install the Core components and it can be started
as a Solaris™ software daemon, Red Hat Linux daemon,
or a Windows service.

Core

When you install Identity Synchronization for Windows, you install the Core component
first, then configure it to match your environment.

Coordinates idsync resync operations that
are used to initially synchronize two directories

Central Logger

Connectors may be installed so that they are widely distributed across
remote geographical locations. Therefore, having all logging information centralized
is of great administrative value. This centralization allows the administrator
to monitor synchronization activity, detect errors, and evaluate the health of the entire system from
a single location.

Administrators can use the central
logger logs to perform these tasks:

Verify that the system is running correctly

Detect and resolve individual component and system-wide problems

Audit individual and system-wide synchronization activity

Track a user’s password synchronization between directory
sources

The two types of logs are as follows:

Audit log. Provides information
about the system’s day-to-day activities, which includes events such
as a user’s password being synchronized between directories. You can
control the level of information that is logged in the audit log by increasing
or decreasing the detail provided in the log messages.

Error log. Provides information
about conditions that are qualified as severe errors and warnings. All error
log entries are worthy of attention, so you cannot prevent errors from being
logged. If an error condition takes place, it will always be documented in
the error log.

Note –

Identity Synchronization for Windows also writes all error log messages to the audit
log to facilitate correlation with other events.

Connectors

A connector is a Java process that manages the
synchronization process in a single data source type. A connector detects user changes in the
data source and publishes these changes to remote connectors over Message
Queue.

Identity Synchronization for Windows provides the following directory-specific connectors.
These connectors bidirectionally synchronize user attributes
and password updates between directories and domains.

Active Directory Connector.
Supports a single instance in a Windows 2000 or Windows 2003 Server Active
Directory source. You can use multiple connectors for additional domains.

Windows NT Connector. Supports
a single domain on Windows NT.

Note –

The Watchdog is installed where you install a connector, and it
starts, restarts, and stops the connectors. For more information, see Watchdog Process.

Connector Subcomponents

A subcomponent is a lightweight process or library that runs separately
from the connector. Connectors use subcomponents for operations that need
native resources that cannot be accessed remotely, such as capturing
passwords inside Directory Server or Windows NT.

The following connector subcomponents are configured or installed with
the directory being synchronized and communicate with the corresponding connector
over an encrypted connection.

Identity Synchronization for Windows used to support only two-way multimaster replication
(MMR). Now, the Directory Server Plug-in is also functional in N-way
MMR environments.

Windows NT Connector Subcomponents

If your installation requires synchronization with Windows NT SAM
Registries, the Identity Synchronization for Windows installation program installs the following
in the Primary Domain Controller (PDC) along with the Windows NT Connector:

Change Detector. Detects user
entry and password change events by monitoring the Security Log, then passes
the changes to the Connector.

Password Filter DLL. Captures
password changes made on the Windows NT Domain Controller and passes these
securely to the NT Connector.

Message Queue is an enterprise messaging system that implements the
Java Message Service open standard. This specification describes a set of
programming interfaces that provide a common way for Java applications to
create, send, receive, and read messages in a distributed environment.

Message Queue consists of message publishers and subscribers that exchange
messages using a common message service. This service is composed of one or
more dedicated message brokers that control
access to the message queue, maintain information about active publishers
and subscribers, and ensure that messages are delivered.